2 matches found
CVE-2015-3319
CVE-2015-3319 affects Hotspot Express hotEx Billing Manager version 73. The root cause is absence of the HttpOnly flag in Set-Cookie headers, enabling potential access to cookies via client-side scripts by remote attackers. Multiple sources (NVD entry and CNVD/OpenVAS notes) corroborate this expo...
CVE-2015-2781
CVE-2015-2781 describes a cross-site scripting (XSS) vulnerability in Hotspot Express hotEx Billing Manager 73, via the hotspotlogin.cgi parameter reply. A malicious user can inject script into pages viewed by other users; PoC shows script execution (e.g., alert(document.cookie)). The vulnerable ...